Much Ado About Nothing Hack
And, as of Friday, DoD's National Geospatial-Intelligence Agency, which collects, analyzes and distributes geospatial intelligence to support national security, still employs Montgomery, where he has worked for the past 10 years, according to a spokeswoman.
Any security breach should be treated seriously, but not all breaches are equal, as the Montgomery case shows.
In this case, the punishment seems to fit the crime.
Montgomery had top secret clearance, but didn't have privileges to access a computer systems used by the Army and FBI in a terrorism investigation, which he did at least twice in April. Still, despite a banner warning against unauthorized access, Montgomery accessed the system. Before his arrest, Montgomery told investigators, according to an affidavit: "It was not until I was called on the carpet, that I went back and read the warning notice in the message traffic."
In an interview with Wired.com before the felony charge was reduced to a misdemeanor and his sentencing, Montgomery said he was being made a scapegoat for a security snafu that sent a password to tens of thousands of analysts without the need-to-know. "In my opinion, go after the person who provided me with that information," he said. "I was just a consumer. I wasn't the person who put that username and password out there for tens out thousands of analysts to see."
Still, Montgomery violated a law, despite the fact there was neither evidence of ill intent nor perceivable damage to the terrorism investigation or national security. In this case, the punishment seems to fit the crime.